US20100299519A1 - Method for managing wireless multi-hop network key - Google Patents
- Publication number
- US20100299519A1
- Authority
- US
- United States
- Prior art keywords
- key
- trusted center
- based public
- wireless multi
- hop network
- Prior art date
- Legal status
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/061—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/041—Key generation or derivation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
- H04W12/0431—Key distribution or pre-distribution; Key agreement
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
- H04W12/0433—Key management protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/061—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying further key derivation, e.g. deriving traffic keys from a pair-wise master key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/18—Self-organising networks, e.g. ad-hoc networks or sensor networks
Definitions
- ‘ ⁇ ’ denotes a coordinator, ‘ ⁇ ’ for a terminal device, ‘ ’ for a communication channel;
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Description
- This application claims the priority to Chinese Patent Application No. 200810017387.6, filed with the Chinese Patent Office on Jan. 23, 2008 and titled “ID-based Key Management Method for Wireless Multi-hop Network”, which is herein incorporated by reference in its entirety.
- The present invention relates to the field of network information security, and in particular to a key management method for a wireless multi-hop network.
- With the development of computer network and global mobile communications technologies, portable digital processing terminal devices have become a necessity in people's life and work, including laptops, Personal Digital Assistants (PDAs), computer peripherals, mobile telephones, pagers, household electronics, etc. They have strong processing capabilities and large storages, thereby forming a Personal Operating Space (POS). However, information exchange between these terminal devices mainly relies on cable connections, which is inconvenient to use. Thus, a wireless technology connecting the terminal devices in the POS and realizing movable and automated interconnection between the terminal devices, i.e., the wireless multi-hop network technology, is needed. In a wireless multi-hop network, communication data between non-neighboring terminal devices has to be transmitted with multi-hop routing.
- There are four types of devices in a wireless multi-hop network: a terminal device, a routing coordinator, a network coordinator and a trusted center. The terminal device may communicate with other devices in the network, but cannot transfer data for other devices in the network, i.e., the terminal device does not have a routing function. Besides the functions of the terminal device, the routing coordinator is also responsible for transferring data for other devices in the network, i.e., the routing coordinator has the routing function. The network coordinator is responsible for transmitting network beacons, establishing a network, managing network nodes, storing network node information, searching for routing messages between a pair of nodes, and continually receiving information, and is also capable of transferring data for other devices in the network, i.e., the network coordinator has the routing function. Collectively, the network coordinator and routing coordinator may be referred to as coordinators. The trusted center is a key management center of the network, responsible for configuring key information for all the devices in the network. The network coordinator may function as the trusted center, or may designate other devices in the network as the trusted center. The wireless multi-hop network supports two types of network topologies: star topology and point-to-point topology; the point-to-point topology may further include mesh topology and cluster topology, as shown in FIGS. 1 to 3.
- For wireless multi-hop networks, existing key management methods normally include a pre-shared key-based key management method and a PKI-based key management method.
- The first key management method is generally not suitable for large-scale networks, because it would be inconvenient to manage the pre-shared keys. The second key management method is not suitable for wireless multi-hop networks, because certificate management and the amount of communication are large.
- The invention provides a key management method for a wireless multi-hop network, which generates a public key and a private key based on an ID of each device, to perform cryptographic authentication of devices in the wireless multi-hop network, thereby improving security and performance of the wireless multi-hop network, and solving the technical problem that the existing pre-shared key-based key management method is not suitable for large-scale networks and the existing PKI-based key management method is not suitable for wireless multi-hop networks.
- An embodiment of the invention provides a key management method for a wireless multi-hop network, including:
  - a key generating step:
    - building, by a trusted center, an ID-based public key according to an identity of a device to be registered; and
    - generating, by the trusted center, an ID-based private key of the device by using the public key and a master key;
  - a key distributing step:
    - submitting, by the device, the identity of the device to the trusted center of the wireless multi-hop network; and
    - obtaining, by the device, an ID-based public-private key pair from the trusted center of the wireless multi-hop network in a secured manner; and
  - a key storing step:
    - storing the master key for generating the ID-based private key of the device, and an ID-based public-private key pair; and
    - storing the ID-based public-private key pair of the device.
- To sum up, the key management scheme provided by the invention uses an ID-based public key mechanism, in which each device may communicate in the wireless multi-hop network in a secured manner using a public key and a private key based on its own ID, thereby improving security and performance of the wireless multi-hop network. The ID-based public key is revocable and is short in length, thus the number of enquiries for the validity of the public key can be reduced, thereby reducing transmission load and improving performance of the wireless multi-hop network. Moreover, a tri-element structure similar to that described in the Chinese wireless LAN specification is employed, and during authentication the device and the coordinator both can obtain the validity of their ID-based public keys according to a public key revocation table of the trusted center, thereby improving access security to the wireless multi-hop network; and the ID-based public-private key pair enables non-interactive key negotiation, thereby improving performance of the wireless multi-hop network.
- FIG. 1 illustrates an existing wireless multi-hop network of a star topology;
- FIG. 2 illustrates a network of a mesh topology;
- FIG. 3 illustrates a network of a cluster topology;
- FIG. 4 is a flow chart of a key management method for a wireless multi-hop network according to an embodiment of the invention;
- FIG. 5 is a structural diagram of an authentication and access system for a wireless multi-hop network according to an embodiment of the invention.
- In the accompanying drawings, A is a terminal device requesting authentication and access, B is a coordinator that A associates with, and S is a trusted center of the wireless multi-hop network.
- The technical solution provided by the invention is applicable to security application protocols when implementing the WAPI framework (an access control method based on TePA, Tri-element Peer Authentication) with a particular network including wireless LAN, wireless MAN (Metropolitan Area Network).
- Wireless multi-hop networks include low rate wireless Personal Area Networks, high rate wireless Personal Area Networks, wireless sensor networks, etc. The key management method may be used in these networks.
- The wireless multi-hop network key management provided by the invention mainly includes ID-based key generating, distributing, storing, replacing and revoking.
- Now refer to FIG. 4. An ID-based key management method for a wireless multi-hop network is described below:
- S01, key generating:
- In an ID-based cryptographic scheme, an ID-based private key is the scalar multiplication of a master key and an ID-based public key, therefore the safety of the master key is important. The master key may be shared by multiple trusted centers, i.e., each trusted center possesses a part of the master key, known as a partial master key. Similarly, each part of a public key may be referred to as a partial public key, and each part of a private key may be referred to as a partial private key.
- In the case where the master key for generating the ID-based private key of the device to be registered in the embodiment of the invention is shared by a group of upper-layer trusted centers, the trusted center in the wireless multi-hop network first builds an ID-based public key of the device to be registered according to an identity of the device; then submits the ID-based public key of the device to k trusted centers of the group of upper-layer trusted centers by a threshold cryptosystem; next, the k trusted centers use their partial master keys to generate partial ID-based private keys of the device, and transmit them to the trusted center of the wireless multi-hop network; finally, the trusted center obtains an ID-based private key of the device by synthesizing the partial ID-based private keys of the device.
- In an embodiment, in the system as shown in FIG. 5, in the case where the master key for generating the ID-based private key of the device is stored in the trusted center of the wireless multi-hop network, the trusted center in the wireless multi-hop network builds an ID-based public key of the device to be registered according to the identity of the device, and then generates an ID-based private key of the device by using the locally-stored master key.
- The ID-based public key of the device may be a concatenated value of a CA certificate identity of the trusted center in the wireless multi-hop network, an identifier of the wireless multi-hop network, the identity of the device and the time limit of the public key.
- Key generating includes the following steps:
- Step 11, the trusted center in the wireless multi-hop network builds an ID-based public key according to the identity of the device. For example, the ID-based public key of the device may be a concatenated value of the identity of the device and the time limit of the public key.
- Step 12, the trusted center in the wireless multi-hop network generates an ID-based private key of the device.
- S02, key distributing:
- After submitting the identity of the device to the trusted center of the wireless multi-hop network, the device obtains an ID-based public-private key pair of the device from the trusted center. Particularly, the ID-based private key is transmitted to the device in a cryptographic manner, to ensure the safety of the private key.
- Key distributing includes the following steps:
- Step 21, the device submits its own identity, e.g., device ID, to the trusted center of the wireless multi-hop network;
- Step 22, the device obtains the ID-based public-private key pair from the trusted center of the wireless multi-hop network in a secured manner.
- S03, key storing:
- In the case where the master key for generating the ID-based private key of the device is shared by a group of upper-layer trusted centers, the master key is divided into n parts by a polynomial function, and the n parts are stored at n trusted centers of the group of upper-layer trusted centers. Each trusted center stores a part of the master key.
- Alternatively, the master key for generating the ID-based private key of the device may also be stored at the trusted center of the wireless multi-hop network.
- After distributing the ID-based public-private key pair of the device, the trusted center of the wireless multi-hop network deletes the ID-based public-private key pair of the device, and only stores an ID-based public-private key pair of its own. The device stores the ID-based public-private key pair of the device obtained from the trusted center of the wireless multi-hop network. Particularly, the ID-based private key has to be securely stored.
- Key storing includes the following steps:
- Step 31, the master key for generating the ID-based private key of the device is obtained and stored;
- Step 32, the ID-based public-private key pair of the device is stored.
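The threshold case of S01 (k upper-layer trusted centers each produce a partial private key) and of S03 (the master key divided into n parts by a polynomial function) can be worked through as follows. This is an added example, not code from the patent: it assumes Shamir secret sharing for the polynomial split, Lagrange interpolation for the synthesis, and secp256k1 with a try-and-increment hash as a stand-in group; the curve, the hash and all function names are assumptions, and a deployed ID-based scheme would use a pairing-friendly curve.

```python
import hashlib
import secrets

# secp256k1 (y^2 = x^3 + 7 over GF(P), prime group order N): a stand-in group,
# the page does not name a curve. It has no pairing, so only key extraction
# and threshold synthesis are shown, not ID-based encryption or signing.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
B = 7

def ec_add(p1, p2):
    """Add two curve points; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, pt):
    """Scalar multiplication k * pt by double-and-add."""
    k %= N
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def hash_to_point(id_pub: bytes):
    """Map the ID-based public key string to a curve point (try-and-increment)."""
    ctr = 0
    while True:
        digest = hashlib.sha256(id_pub + ctr.to_bytes(4, "big")).digest()
        x = int.from_bytes(digest, "big") % P
        rhs = (pow(x, 3, P) + B) % P
        y = pow(rhs, (P + 1) // 4, P)      # square root, valid since P % 4 == 3
        if y * y % P == rhs:
            return x, y
        ctr += 1

def split_master_key(master: int, n: int, k: int) -> dict:
    """Divide the master key into n partial master keys with a degree k-1 polynomial."""
    coeffs = [master % N] + [secrets.randbelow(N) for _ in range(k - 1)]
    return {i: sum(c * pow(i, j, N) for j, c in enumerate(coeffs)) % N
            for i in range(1, n + 1)}

def lagrange_at_zero(i: int, ids) -> int:
    """Lagrange coefficient for share i when interpolating the polynomial at 0."""
    num = den = 1
    for j in ids:
        if j != i:
            num = num * (-j) % N
            den = den * (i - j) % N
    return num * pow(den, -1, N) % N

def synthesize(partials: dict):
    """Combine partial private keys {center index: s_i * Q_ID} into s * Q_ID."""
    ids = list(partials)
    acc = None
    for i, pt in partials.items():
        acc = ec_add(acc, ec_mul(lagrange_at_zero(i, ids), pt))
    return acc

def demo() -> bool:
    master = secrets.randbelow(N - 1) + 1
    id_pub = b"device-0001|2009-12-31"     # constructed: identity || time limit
    q_id = hash_to_point(id_pub)
    shares = split_master_key(master, n=5, k=3)
    # Three upper-layer trusted centers answer; none reveals its partial master key.
    partials = {i: ec_mul(shares[i], q_id) for i in (2, 4, 5)}
    return synthesize(partials) == ec_mul(master, q_id)

if __name__ == "__main__":
    print("threshold synthesis matches master * Q_ID:", demo())
```

The trusted center of the multi-hop network only ever sees the partial private keys, so the master key is never reassembled in one place; fewer than k partial keys interpolate to an unrelated point.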
- S04, key revoking:
- For the convenience of public key management, a public key revocation table is maintained at the trusted center of the wireless multi-hop network, to record revoked public keys, so that the device can inquire about whether an ID-based public key is revoked.
- If the ID-based private key of the device is leaked, the device requests, in an off-line manner, that the trusted center of the wireless multi-hop network revoke the ID-based public key of the device. On reception of the request, the trusted center adds the ID-based public key of the device to the public key revocation table.
- If the ID-based private key of the device is no longer used, the device requests that the trusted center in the wireless multi-hop network revoke the ID-based public key of the device, by using a secured operation with a session key between the device and the trusted center. On reception of the request, the trusted center adds the ID-based public key of the device to the public key revocation table.
- S05, key replacing:
- If the ID-based public-private key pair of the device needs to be replaced, the device requests that the trusted center in the wireless multi-hop network replace the ID-based public-private key pair of the device, by using a session key between the device and the trusted center. On reception of the request, the trusted center rebuilds an ID-based public key of the device; then obtains from the group of upper-layer trusted centers (or generates locally) an ID-based private key of the device corresponding to the ID-based public key of the device; finally, the trusted center uses a session key between the device and the trusted center to transmit the re-generated ID-based public-private key pair of the device, and adds the original ID-based public key of the device to the public key revocation table.
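The public-key side of S04 and S05 can be modelled as below: the public key is the concatenation of CA certificate identity, network identifier, device identity and time limit, and the trusted center keeps the revocation table. This is an added example, not code from the patent; the length-prefixed field encoding, the ISO date format for the time limit, and the names `TrustedCenter`, `build_public_key` and `parse_public_key` are assumptions, and private-key generation and the session-key transport are left out.

```python
import struct
from datetime import date

def build_public_key(ca_id: bytes, network_id: bytes, device_id: bytes,
                     not_after: date) -> bytes:
    """Concatenate the four fields. Each field is length-prefixed (an assumed
    encoding) so that different field values can never yield the same string."""
    fields = [ca_id, network_id, device_id, not_after.isoformat().encode()]
    return b"".join(struct.pack(">H", len(f)) + f for f in fields)

def parse_public_key(pub: bytes):
    """Split a public key back into (ca_id, network_id, device_id, time limit)."""
    fields, off = [], 0
    while off < len(pub):
        if off + 2 > len(pub):
            raise ValueError("truncated length prefix")
        (length,) = struct.unpack_from(">H", pub, off)
        off += 2
        if off + length > len(pub):
            raise ValueError("truncated field")
        fields.append(pub[off:off + length])
        off += length
    if len(fields) != 4:
        raise ValueError("expected exactly four fields")
    ca_id, network_id, device_id, limit = fields
    return ca_id, network_id, device_id, date.fromisoformat(limit.decode())

class TrustedCenter:
    """Public-key bookkeeping of the trusted center (hypothetical model)."""

    def __init__(self, ca_id: bytes, network_id: bytes):
        self.ca_id, self.network_id = ca_id, network_id
        self.revoked = set()               # the public key revocation table

    def issue(self, device_id: bytes, not_after: date) -> bytes:
        return build_public_key(self.ca_id, self.network_id, device_id, not_after)

    def revoke(self, pub: bytes) -> None:
        self.revoked.add(pub)

    def replace(self, old_pub: bytes, new_not_after: date) -> bytes:
        """Rebuild the public key, then add the original to the revocation table."""
        _, _, device_id, _ = parse_public_key(old_pub)
        new_pub = self.issue(device_id, new_not_after)
        if new_pub == old_pub:
            # Same identity and same time limit give the same key: revoking the
            # original would revoke the replacement as well.
            raise ValueError("replacement must carry a different time limit")
        self.revoked.add(old_pub)
        return new_pub

    def check(self, pub: bytes, today: date) -> str:
        """Validity answer a device or coordinator would get during authentication."""
        try:
            ca_id, network_id, _, not_after = parse_public_key(pub)
        except ValueError:
            return "malformed"
        if (ca_id, network_id) != (self.ca_id, self.network_id):
            return "foreign"
        if pub in self.revoked:
            return "revoked"
        if today > not_after:
            return "expired"
        return "valid"

if __name__ == "__main__":
    tc = TrustedCenter(b"ca-01", b"net-7")             # constructed identifiers
    old = tc.issue(b"dev-A", date(2009, 12, 31))
    new = tc.replace(old, date(2010, 12, 31))
    print(tc.check(old, date(2009, 6, 1)), tc.check(new, date(2010, 6, 1)))
```

Because the key is derived from the identity and the time limit alone, an expired key needs no table entry, and a replacement is only distinguishable from the revoked original when the time limit (or another field) changes.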
- To sum up, the key management scheme provided by the invention uses an ID-based public key mechanism, in which each device may communicate in the wireless multi-hop network in a secured manner using a public key and a private key based on its own ID, thereby improving security and performance of the wireless multi-hop network. The ID-based public key is revocable and is short in length, thus the number of enquiries for the validity of the public key can be reduced, thereby reducing transmission load and improving performance of the wireless multi-hop network. Moreover, a tri-element structure similar to that described in the Chinese wireless LAN specification is employed, and during authentication the device and the coordinator both can obtain the validity of their ID-based public keys according to a public key revocation table of the trusted center, thereby improving access security to the wireless multi-hop network; and the ID-based public-private key pair enables non-interactive key negotiation, thereby improving performance of the wireless multi-hop network.
- By the preferable embodiments above, the object, technical solution and advantages of the invention are described in details. It should be appreciated that the embodiments described above are only preferable embodiments of the invention, and should not limit the scope of the invention. Any alterations, equivalents, or modifications without departing from the spirit and principle of the invention shall be included in the scope of the invention.
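The revocation (S04) and replacement (S05) bookkeeping at the trusted center can be sketched as follows. This is an added example, not code from the patent. It assumes a public key string of the form `<device ID>|<serial>`, uses an HMAC as a placeholder both for ID-based private key extraction and for the "secured operation" under the session key, and every class and function name is hypothetical.

```python
import hashlib
import hmac
import os

def request_tag(session_key, action, public_key):
    # Placeholder for the "secured operation": a MAC under the device/center session key.
    return hmac.new(session_key, f"{action}|{public_key}".encode(), hashlib.sha256).digest()

class TrustedCenter:
    def __init__(self):
        self.master_key = os.urandom(32)  # stand-in for the master key
        self.session_keys = {}            # device ID -> session key shared with the center
        self.current = {}                 # device ID -> current ID-based public key
        self.serial = {}                  # device ID -> rebuild counter (assumed format)
        self.revoked = set()              # the public key revocation table

    def _issue(self, device_id):
        # Assumed key format; the HMAC only stands in for real ID-based key extraction.
        self.serial[device_id] = self.serial.get(device_id, 0) + 1
        public_key = f"{device_id}|{self.serial[device_id]}"
        private_key = hmac.new(self.master_key, public_key.encode(), hashlib.sha256).digest()
        self.current[device_id] = public_key
        return public_key, private_key

    def enroll(self, device_id):
        self.session_keys[device_id] = os.urandom(32)
        return (self.session_keys[device_id], *self._issue(device_id))

    def _authorized(self, device_id, action, public_key, tag):
        # The request must name the device's current key and carry a valid MAC.
        key = self.session_keys.get(device_id)
        return (key is not None
                and self.current.get(device_id) == public_key
                and hmac.compare_digest(tag, request_tag(key, action, public_key)))

    def revoke_offline(self, device_id):
        # S04, leaked private key: the operator enters a request received off-line.
        public_key = self.current.pop(device_id, None)
        if public_key is not None:
            self.revoked.add(public_key)
        return public_key is not None

    def revoke_online(self, device_id, public_key, tag):
        # S04, key no longer used: request protected with the session key.
        if not self._authorized(device_id, "revoke", public_key, tag):
            return False
        self.revoked.add(self.current.pop(device_id))
        return True

    def replace(self, device_id, public_key, tag):
        # S05: rebuild the public key, derive its private key, revoke the original.
        if not self._authorized(device_id, "replace", public_key, tag):
            return None
        new_pair = self._issue(device_id)
        self.revoked.add(public_key)
        return new_pair  # the scheme sends this pair protected by the session key

    def is_revoked(self, public_key):
        return public_key in self.revoked
```

Because a request is accepted only for the device's current public key, a captured replacement request cannot be replayed after the key has been rebuilt.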
Claims (19)
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200810017387.6 | 2008-01-23 | ||
CN200810017387 | 2008-01-23 | ||
CN200810017387A CN101222325B (en) | 2008-01-23 | 2008-01-23 | Wireless multi-hop network key management method based on ID |
PCT/CN2009/070255 WO2009094938A1 (en) | 2008-01-23 | 2009-01-21 | Method for managing wireless multi-hop network key |
Publications (2)
Publication Number | Publication Date |
---|---|
US20100299519A1 (en) | 2010-11-25 |
US8688974B2 (en) | 2014-04-01 |
Family
ID=39631923
Family Applications (1)
Application Number | Title | Priority Date | Filing Date | Status | Publication |
---|---|---|---|---|---|
US12/864,317 | Method for managing wireless multi-hop network key | 2008-01-23 | 2009-01-21 | Expired - Fee Related | US8688974B2 (en) |
Country Status (5)
Country | Link |
---|---|
US (1) | US8688974B2 (en) |
EP (1) | EP2247130B1 (en) |
KR (1) | KR101173770B1 (en) |
CN (1) | CN101222325B (en) |
WO (1) | WO2009094938A1 (en) |
- 2008
  - 2008-01-23 CN CN200810017387A patent/CN101222325B/en not_active Expired - Fee Related
- 2009
  - 2009-01-21 KR KR1020107018359A patent/KR101173770B1/en active IP Right Grant
  - 2009-01-21 EP EP09706489.3A patent/EP2247130B1/en not_active Not-in-force
  - 2009-01-21 WO PCT/CN2009/070255 patent/WO2009094938A1/en active Application Filing
  - 2009-01-21 US US12/864,317 patent/US8688974B2/en not_active Expired - Fee Related
Also Published As
Publication number | Publication date |
---|---|
WO2009094938A1 (en) | 2009-08-06 |
KR101173770B1 (en) | 2012-08-13 |
KR20100113581A (en) | 2010-10-21 |
CN101222325A (en) | 2008-07-16 |
US8688974B2 (en) | 2014-04-01 |
EP2247130B1 (en) | 2018-09-19 |
CN101222325B (en) | 2010-05-12 |
EP2247130A4 (en) | 2014-06-11 |
EP2247130A1 (en) | 2010-11-03 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | AS | Assignment | Owner name: CHINA IWNCOMM CO., LTD., CHINA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:XIAO, YUELEI;CAO, JUN;LAI, XIAOLONG;AND OTHERS;REEL/FRAME:024731/0855 Effective date: 20100720 |
 | STCF | Information on status: patent grant | Free format text: PATENTED CASE |
 | FEPP | Fee payment procedure | Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY |
 | MAFP | Maintenance fee payment | Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YR, SMALL ENTITY (ORIGINAL EVENT CODE: M2551) Year of fee payment: 4 |
 | FEPP | Fee payment procedure | Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY |
 | LAPS | Lapse for failure to pay maintenance fees | Free format text: PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY |
 | STCH | Information on status: patent discontinuation | Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362 |
 | FP | Lapsed due to failure to pay maintenance fee | Effective date: 20220401 |